14603 matches found
WP Tell a Friend Popup Form <= 7.1 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Profile Extra Fields by BestWebSoft < 1.2.8 - Unauthenticated Sensitive Data Disclosure
Description The plugin does not have authorisation in the prflxtrfldsexportfile function, allowing unauthenticated users to retrieve sensitive data such as the ones entered in custom fields...
Slick Contact Forms <= 1.3.7 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Short URL <= 1.6.8 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Smarty for WordPress <= 3.1.35 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
LeadSquared Suite <= 0.7.4 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
WP Gallery Metabox <= 1.0.0 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WP Hide Pages <= 1.0 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Maintenance Switch <= 1.5.2 - Theme Files Creation/Deletion via CSRF
Description The plugin does not have CSRF checks when creating and deleting theme files as well as reseting settings, which could allow attackers to make logged in admins perform such actions via CSRF attacks...
Use Memcached <= 1.0.5 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Contact Form <= 2.0.10 - Form Styling Update via CSRF
Description The plugin does not have CSRF check when updating the contact form styling, which could allow attackers to make logged in admins perform such action via a CSRF attack...
Instant CSS < 1.1.5 - Subscriber+ Unauthorised AJAX Calls
Description The plugin does not have authorisation in various AJAX actions, allowing any authenticated users, such as subscriber to call them and modify/access theme and CSS data for example. It could also lead to Stored XSS issues...
WP Synchro < 1.10.0 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Live News < 1.07 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Enhanced Ecommerce Google Analytics for WooCommerce < 3.7.2 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Fraud Prevention For Woocommerce < 2.1.6 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Woocommerce ESTO < 2.23.2 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Google Map Shortcode <= 3.1.2 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Kv TinyMCE Editor Add Fonts <= 1.1 - Font List Update via CSRF
Description The plugin does not have CSRF check when updating its font list, which could allow attackers to make logged in admins perform such action via a CSRF attack...
Add Shortcodes Actions And Filters < 2.10 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WP Emoji One <= 0.6.0 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WP Like Button <= 1.7.0 - Button Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its Button settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Post View Count <= 1.8.4 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
ShortCodes UI <= 1.9.8 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
HTTP Auth < 1.0.0 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
MakeStories (for Google Web Stories) <= 2.8.2 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Video Gallery & Management < 3.3.6 - Settings Update via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Woocommerce Category Banner Management < 2.4.3 - Shop Banner Settings Update via CSRF
Description The plugin does not have CSRF check when updating its Shop Banner settings, which could allow attackers to make logged in admins perform such action via a CSRF attack...
Checkfront Online Booking System < 3.7 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Shockingly Simple Favicon <= 1.8.2 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WooCommerce Login Redirect <= 2.2.4 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CopyRightPro <= 2.1 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Realbig <= 1.0.6 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings as well as clear logs and cache, which could allow attackers to make a logged in admin change them via a CSRF attack...
Remove slug from custom post type <= 1.0.3 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Easy WP Cleaner <= 1.9 - Data Deletion via CSRF
Description The plugin does not have CSRF check when deleting data from the blog, which could allow attackers to make logged in admins perform such action via a CSRF attack...
ChatBot < 4.7.9 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Leadster < 1.1.3 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its Script Code setting, which could allow attackers to make a logged in admin change it via a CSRF attack...
WP Forms Puzzle Captcha <= 4.1 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
MyCryptoCheckout < 2.126 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Outbound Link Manager <= 1.2 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
GTmetrix for WordPress < 0.4.8 - Arbitrary Post Deletion via CSRF
Description The plugin does not have CSRF check when deleting posts, which could allow attackers to make logged in admins perform such action via a CSRF attack...
WP-CopyProtect <= 3.1.0 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Order Delivery Date for WP e-Commerce <= 1.2 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Make Paths Relative <= 1.3.0 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
GEO my WordPress < 4.0.1 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WP-dTree <= 4.4.5 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WP Super Minify < 1.6 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Block Update < 3.3.2 - Arbitrary Plugin Update Blocking via CSRF
Description The plugin does not have CSRF check when blocking plugin from being updated, which could allow attackers to make logged in admins perform such actions via a CSRF attack...
WP Captcha <= 2.0.0 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WP Custom Post Template <= 1.0 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...